Diffstat (limited to '')
-rw-r--r-- results/classifier/108/other/1914    | 22
-rw-r--r-- results/classifier/108/other/1914021 | 120
-rw-r--r-- results/classifier/108/other/1914236 | 121
-rw-r--r-- results/classifier/108/other/1914282 | 130
-rw-r--r-- results/classifier/108/other/1914294 | 70
-rw-r--r-- results/classifier/108/other/1914638 | 601
-rw-r--r-- results/classifier/108/other/1914667 | 88
-rw-r--r-- results/classifier/108/other/1914696 | 139
-rw-r--r-- results/classifier/108/other/1914870 | 136
-rw-r--r-- results/classifier/108/other/1914986 | 103
10 files changed, 1530 insertions, 0 deletions
diff --git a/results/classifier/108/other/1914 b/results/classifier/108/other/1914
new file mode 100644
index 000000000..8969af983
--- /dev/null
+++ b/results/classifier/108/other/1914
@@ -0,0 +1,22 @@
+device: 0.895
+other: 0.892
+graphic: 0.859
+semantic: 0.675
+PID: 0.651
+files: 0.642
+vnc: 0.516
+network: 0.495
+debug: 0.485
+permissions: 0.442
+boot: 0.372
+socket: 0.300
+performance: 0.243
+KVM: 0.029
+
+x86 q35 machine type documentation is missing
+Description of problem:
+The x86 machine type of q35 was added in 2012 by commit
+df2d8b3ed4d2 ("q35: Introduce q35 pc based chipset emulator")
+but no documentation was added to docs/master/system/target-i386.html
+Additional information:
+There was development documentation at https://wiki.qemu.org/Features/Q35
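Review bot: the score block at the top of this file ranks device (0.895) above other (0.892), yet the file is added under results/classifier/108/other/. If the directory is meant to hold the winning label, this report belongs under device/; if other/ is a fallback chosen by a threshold or margin rule, record that rule or the decision in the file so the placement can be checked. With only 0.003 between the top two labels, and a body that is a documentation request for the q35 machine type, this one is worth a manual look either way.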
diff --git a/results/classifier/108/other/1914021 b/results/classifier/108/other/1914021
new file mode 100644
index 000000000..9e2b619c9
--- /dev/null
+++ b/results/classifier/108/other/1914021
@@ -0,0 +1,120 @@
+other: 0.928
+permissions: 0.902
+performance: 0.867
+debug: 0.843
+semantic: 0.828
+device: 0.822
+graphic: 0.800
+PID: 0.770
+boot: 0.696
+vnc: 0.691
+network: 0.681
+files: 0.665
+socket: 0.662
+KVM: 0.549
+
+qemu: uncaught target signal 4 (Illegal instruction) but gdb remote-debug exited normally
+
+I'm getting Illegal instruction (core dumped) when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue.
+
+readelf -h a.out_err
+ELF Header:
+  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
+  Class:                             ELF32
+  Data:                              2's complement, little endian
+  Version:                           1 (current)
+  OS/ABI:                            UNIX - System V
+  ABI Version:                       0
+  Type:                              EXEC (Executable file)
+  Machine:                           ARM
+  Version:                           0x1
+  Entry point address:               0x8220
+  Start of program headers:          52 (bytes into file)
+  Start of section headers:          54228 (bytes into file)
+  Flags:                             0x5000200, Version5 EABI, soft-float ABI
+  Size of this header:               52 (bytes)
+  Size of program headers:           32 (bytes)
+  Number of program headers:         3
+  Size of section headers:           40 (bytes)
+  Number of section headers:         16
+  Section header string table index: 15
+
+qemu-arm version 4.0.0
+
+
+
+QEMU 4.0 is quite old now -- does this reproduce with a more recent QEMU?
+
+
+yes, it reproduced on QEMU 5.0.0. 
+
+For me, with current head-of-git QEMU, the program crashes with a SIGSEGV very early in execution, because:
+
+0x00008260:  e59f30f0  ldr      r3, [pc, #0xf0]
+
+loads 0 into r3, and then
+
+0x00008270:  e1a0d003  mov      sp, r3
+
+sets sp to 0, and then
+
+0x000087b0:  e92d4030  push     {r4, r5, lr}
+
+tries to write to addres 0, which causes a SEGV.
+
+This happens whether using the gdbstub or not.
+
+
+   0x00008260 <+64>:    ldr     r3, [pc, #240]
+   0x00008264 <+68>:    cmp     r1, #0
+=> 0x00008268 <+72>:    beq     0x8270
+   0x0000826c <+76>:    mov     r3, r1
+   0x00008270 <+80>:    mov     sp, r3
+
+(gdb) p/x $r1
+$2 = 0xfffef690
+
+But r1 is not zero when using Gdb remote-debug, so it will enter 
+   0x0000826c <+76>:    mov     r3, r1
+
+QEMU 5.0.0.
+GNU gdb (GDB; SUSE Linux Enterprise 12) 8.0.1
+
+
+Oh, your code is trying to use the SYS_HEAPINFO semihosting call to figure out where the stack and heap are. This is generally a bad idea if you're using QEMU user-mode emulation: you start with a perfectly good stack pointer and you should just use the usual Linux syscalls to allocate heap if you need it.
+
+I have no idea where your code is getting r1 from -- it's too painful to try to reverse-engineer it from the binary. I can't repro any difference between with-gdb and without -- for me with current QEMU r1 is 0 whether running with the gdb stub or not.
+
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
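Review bot: the body of this file concatenates several Launchpad comments with no author or boundary markers, so from "QEMU 4.0 is quite old now" down to "for me with current QEMU r1 is 0 whether running with the gdb stub or not" the different commenters' statements read as one voice. The comments disagree on the key observation (r1 is 0xfffef690 under gdb in one, r1 is 0 either way in another), so someone triaging from this file cannot tell who saw what. Suggest keeping a per-comment delimiter, with the commenter's role if available, when the ticket text is exported.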
diff --git a/results/classifier/108/other/1914236 b/results/classifier/108/other/1914236
new file mode 100644
index 000000000..2301a70a3
--- /dev/null
+++ b/results/classifier/108/other/1914236
@@ -0,0 +1,121 @@
+debug: 0.844
+other: 0.813
+permissions: 0.786
+performance: 0.767
+KVM: 0.764
+vnc: 0.762
+network: 0.760
+device: 0.740
+graphic: 0.739
+semantic: 0.738
+PID: 0.696
+files: 0.679
+socket: 0.659
+boot: 0.646
+
+QEMU: scsi: use-after-free in mptsas_process_scsi_io_request() of mptsas1068 emulator
+
+* Cheolwoo Myung of Seoul National University reported a use-after-free issue in the SCSI Megaraid
+  emulator of the QEMU.
+
+* It occurs while handling mptsas_process_scsi_io_request(), as it does not
+  check a list in s->pending.
+
+* This was found in version 5.2.0 (master)
+
+==31872==ERROR: AddressSanitizer: heap-use-after-free on address
+0x60c000107568 at pc 0x564514950c7c bp 0x7fff524ef4b0 sp 0x7fff524ef4a0 WRITE of size 8 at 0x60c000107568 thread T0
+#0 0x564514950c7b in mptsas_process_scsi_io_request ../hw/scsi/mptsas.c:306
+#1 0x564514950c7b in mptsas_fetch_request ../hw/scsi/mptsas.c:775
+#2 0x564514950c7b in mptsas_fetch_requests ../hw/scsi/mptsas.c:790
+#3 0x56451585c25d in aio_bh_poll ../util/async.c:164
+#4 0x5645158d7e7d in aio_dispatch ../util/aio-posix.c:381
+#5 0x56451585be2d in aio_ctx_dispatch ../util/async.c:306
+#6 0x7f1cc8af4416 in g_main_context_dispatch
+(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c416)
+#7 0x56451583f059 in glib_pollfds_poll ../util/main-loop.c:221
+#8 0x56451583f059 in os_host_main_loop_wait ../util/main-loop.c:244
+#9 0x56451583f059 in main_loop_wait ../util/main-loop.c:520
+#10 0x56451536b181 in qemu_main_loop ../softmmu/vl.c:1537
+#11 0x5645143ddd3d in main ../softmmu/main.c:50
+#12 0x7f1cc2650b96 in __libc_start_main
+(/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
+#13 0x5645143eece9 in _start
+(/home/cwmyung/prj/hyfuzz/src/qemu-repro/build/qemu-system-i386+0x1d55ce9)
+
+0x60c000107568 is located 104 bytes inside of 120-byte region
+[0x60c000107500,0x60c000107578)
+freed by thread T0 here:
+#0 0x7f1cca9777a8 in __interceptor_free
+(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
+#1 0x56451495008b in mptsas_process_scsi_io_request ../hw/scsi/mptsas.c:358
+#2 0x56451495008b in mptsas_fetch_request ../hw/scsi/mptsas.c:775
+#3 0x56451495008b in mptsas_fetch_requests ../hw/scsi/mptsas.c:790
+#4 0x7fff524ef8bf (<unknown module>)
+
+previously allocated by thread T0 here:
+#0 0x7f1cca977d28 in __interceptor_calloc
+(/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
+#1 0x7f1cc8af9b10 in g_malloc0
+(/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b10)
+#2 0x7fff524ef8bf (<unknown module>)
+
+SUMMARY: AddressSanitizer: heap-use-after-free ../hw/scsi/mptsas.c:306
+in mptsas_process_scsi_io_request
+Shadow bytes around the buggy address:
+0x0c1880018e50: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
+0x0c1880018e60: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
+0x0c1880018e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
+0x0c1880018e80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
+0x0c1880018e90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
+=>0x0c1880018ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fa
+0x0c1880018eb0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
+0x0c1880018ec0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
+0x0c1880018ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+0x0c1880018ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+0x0c1880018ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
+Shadow byte legend (one shadow byte represents 8 application bytes):
+Addressable: 00
+Partially addressable: 01 02 03 04 05 06 07
+Heap left redzone: fa
+Freed heap region: fd
+Stack left redzone: f1
+Stack mid redzone: f2
+Stack right redzone: f3
+Stack after return: f5
+Stack use after scope: f8
+Global redzone: f9
+Global init order: f6
+Poisoned by user: f7
+Container overflow: fc
+Array cookie: ac
+Intra object redzone: bb
+ASan internal: fe
+Left alloca redzone: ca
+Right alloca redzone: cb
+==31872==ABORTING
+
+
+To reproduce this issue, please run the QEMU with the following command
+line.
+
+
+# To enable ASan option, please set configuration with the following command
+$ ./configure --target-list=i386-softmmu --disable-werror --enable-sanitizers
+$ make
+
+# To reproduce this issue, please run the QEMU process with the
+following command line.
+$ ./qemu-system-i386 -m 512 -drive
+file=./hyfuzz.img,index=0,media=disk,format=raw -device
+mptsas1068,id=scsi -device scsi-hd,drive=SysDisk -drive
+id=SysDisk,if=none,file=./disk.img
+
+CVE-2021-3392 assigned by Red Hat In.c
+
+Upstream patch
+  -> https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
+
+Upstream commit:
+https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
+
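Review bot: this file holds an AddressSanitizer heap-use-after-free report in mptsas_process_scsi_io_request with CVE-2021-3392 assigned, but it is filed under other/ while the top-scoring label is debug (0.844), ahead of other (0.813), and none of the fourteen labels in the score block expresses a memory-safety or security class. Suggest adding a security label, or at least a tag for reports that carry a CVE id or a sanitizer trace, so these can be found without reading every file in other/. Two details to check against the source ticket rather than fix here: "Red Hat In.c" in the CVE line looks like a corrupted "Red Hat Inc.", and the first bullet says "SCSI Megaraid emulator" while the title and the trace name mptsas1068.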
diff --git a/results/classifier/108/other/1914282 b/results/classifier/108/other/1914282
new file mode 100644
index 000000000..a17db003e
--- /dev/null
+++ b/results/classifier/108/other/1914282
@@ -0,0 +1,130 @@
+other: 0.788
+KVM: 0.716
+vnc: 0.710
+permissions: 0.699
+performance: 0.683
+debug: 0.652
+device: 0.645
+files: 0.638
+PID: 0.634
+semantic: 0.631
+network: 0.630
+socket: 0.608
+graphic: 0.605
+boot: 0.506
+
+block copy job sometimes hangs on the last block for minutes
+
+In openstack nova we use the block copy API to copy disks for volume swap requests. In our CI gate we observed that sometimes the block copy job progress will reach the last or next to last block and hang there for several minutes at a time, causing CI jobs to fail as jobs timeout.
+
+On the client (nova-compute) side, using the python bindings we see the following in the openstack nova logs:
+
+---------------
+
+Jan 21 05:31:02.207785 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 0 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+Jan 21 05:31:55.688227 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 1049624576 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+[...]
+
+Jan 21 05:31:55.706698 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 1049624576 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+Jan 21 05:31:56.175248 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 1073741823 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+[...]
+
+~2.5 minutes later, it's still going at current cursor: 1073741823 final cursor: 1073741824
+
+Jan 21 05:34:30.952371 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 1073741823 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+then current cursor == final cursor at 05:34:31.460595
+
+Jan 21 05:34:31.460595 ubuntu-focal-vexxhost-ca-ymq-1-0022641000 nova-compute[93823]: DEBUG nova.virt.libvirt.guest [None req-d6170fbb-e023-4cdb-93dc-a2e9ae9b0a56 tempest-TestVolumeSwap-1117975117 tempest-TestVolumeSwap-1117975117] COPY block job progress, current cursor: 1073741824 final cursor: 1073741824 {{(pid=93823) is_job_complete /opt/stack/nova/nova/virt/libvirt/guest.py:873}}
+
+---------------
+
+In this excerpt the cursor reaches the next to last block at Jan 21 05:31:56.175248 and hangs there repeating status at the next to last block until Jan 21 05:34:30.952371 (~2.5 minutes) and then the job shows current cursor == final cursor at Jan 21 05:34:31.460595.
+
+In the corresponding qemu log, we see the block copy job report being on the last block for minutes:
+
+---------------
+
+021-01-21 05:31:02.206+0000: 60630: debug : qemuMonitorJSONIOProcessLine:220 : Line [{"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": true, "len": 1073741824, "offset": 0, "status": "running", "paused": false, "speed": 0, "ready": false, "type": "mirror"}], "id": "libvirt-501"}]
+2021-01-21 05:31:02.206+0000: 60630: info : qemuMonitorJSONIOProcessLine:239 : QEMU_MONITOR_RECV_REPLY: mon=0x7fd07813ec80 reply={"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": true, "len": 1073741824, "offset": 0, "status": "running", "paused": false, "speed": 0, "ready": false, "type": "mirror"}], "id": "libvirt-501"}
+
+[...]
+
+len == offset at 05:31:56.174
+
+2021-01-21 05:31:56.174+0000: 60630: debug : qemuMonitorJSONIOProcessLine:220 : Line [{"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": true, "len": 1073741824, "offset": 1073741824, "status": "running", "paused": false, "speed": 0, "ready": false, "type": "mirror"}], "id": "libvirt-581"}]
+2021-01-21 05:31:56.174+0000: 60630: info : qemuMonitorJSONIOProcessLine:239 : QEMU_MONITOR_RECV_REPLY: mon=0x7fd07813ec80 reply={"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": true, "len": 1073741824, "offset": 1073741824, "status": "running", "paused": false, "speed": 0, "ready": false, "type": "mirror"}], "id": "libvirt-581"}
+
+[...]
+
+~2.5 minutes later, still len == offset but it's still going
+
+2021-01-21 05:34:31.459+0000: 60630: debug : qemuMonitorJSONIOProcessLine:220 : Line [{"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": false, "len": 1073741824, "offset": 1073741824, "status": "ready", "paused": false, "speed": 0, "ready": true, "type": "mirror"}], "id": "libvirt-855"}]
+2021-01-21 05:34:31.459+0000: 60630: info : qemuMonitorJSONIOProcessLine:239 : QEMU_MONITOR_RECV_REPLY: mon=0x7fd07813ec80 reply={"return": [{"auto-finalize": true, "io-status": "ok", "device": "copy-vdb-libvirt-5-format", "auto-dismiss": false, "busy": false, "len": 1073741824, "offset": 1073741824, "status": "ready", "paused": false, "speed": 0, "ready": true, "type": "mirror"}], "id": "libvirt-855"}
+
+and then the job finishes soon after
+
+2021-01-21 05:34:31.467+0000: 60630: debug : qemuProcessHandleJobStatusChange:1002 : job 'copy-vdb-libvirt-5-format'(domain: 0x7fd070075720,instance-00000013) state changed to 'waiting'(6)
+
+2021-01-21 05:34:31.467+0000: 60630: debug : qemuProcessHandleJobStatusChange:1002 : job 'copy-vdb-libvirt-5-format'(domain: 0x7fd070075720,instance-00000013) state changed to 'pending'(7)
+
+2021-01-21 05:34:31.467+0000: 60630: debug : qemuProcessHandleJobStatusChange:1002 : job 'copy-vdb-libvirt-5-format'(domain: 0x7fd070075720,instance-00000013) state changed to 'concluded'(9)
+
+2021-01-21 05:34:31.468+0000: 60630: debug : qemuProcessHandleJobStatusChange:1002 : job 'copy-vdb-libvirt-5-format'(domain: 0x7fd070075720,instance-00000013) state changed to 'null'(11)
+
+2021-01-21 05:34:31.468+0000: 60634: debug : qemuBlockJobProcessEventConcludedCopyPivot:1221 : copy job 'copy-vdb-libvirt-5-format' on VM 'instance-00000013' pivoted
+
+2021-01-21 05:34:32.292+0000: 60634: debug : qemuDomainObjEndJob:9746 : Stopping job: modify (async=none vm=0x7fd070075720 name=instance-00000013)
+
+---------------
+
+Is this normal for a block copy job to hang on the last block like this for minutes at a time? Why doesn't the job close out once offset == len?
+
+Thanks for any help you can offer.
+
+openstack nova, qemu, and libvirtd log excerpts
+
+QMP exchange on the destination, as captured by  `grep -E 'QEMU_MONITOR_(SEND_MSG|RECV_REPLY)' libvirtd.log`
+
+Attaching it so that libvirt/QEMU devs can look for the QMP request/responses.
+
+(Extracted file size is ~26MB.)
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+Ticket has been moved to the gitlab issue tracker:
+https://gitlab.com/qemu-project/qemu/-/issues/287
+... thus I'm closing this on Launchpad now.
+
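Review bot: the tracker-migration notice near the end of this file ("The QEMU project is currently moving its bug tracking to another system." through "Thank you and sorry for the inconvenience.") is the same template that is added in 1914021 and 1914294 in this commit, and it says nothing about the block copy hang being reported. Suggest stripping the template before classification and keeping only the final status lines, here the move to https://gitlab.com/qemu-project/qemu/-/issues/287. Separately, the first libvirt log line begins "021-01-21 05:31:02.206+0000", missing the leading 2 of the year that every later line has; confirm whether the export truncated it.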
diff --git a/results/classifier/108/other/1914294 b/results/classifier/108/other/1914294
new file mode 100644
index 000000000..52b99ded2
--- /dev/null
+++ b/results/classifier/108/other/1914294
@@ -0,0 +1,70 @@
+other: 0.861
+graphic: 0.808
+performance: 0.780
+device: 0.718
+PID: 0.709
+files: 0.692
+permissions: 0.630
+semantic: 0.615
+debug: 0.605
+network: 0.583
+vnc: 0.570
+socket: 0.537
+KVM: 0.534
+boot: 0.501
+
+Windows XP displays black screen when smp option is used
+
+When I use Windows XP with the -smp option, the screen goes black. The only thing I can see is a cursor. I have tried -smp 2, -smp cores=4, and -smp cores=2.
+
+My info:
+
+Host:
+M1 Mac
+Mac OS 11.1
+QEMU 5.2 at cf7ca7d5b9faca13f1f8e3ea92cfb2f741eb0c0e.
+
+Guest:
+32-bit Windows XP SP3 build 2600.
+
+Command line to reproduce this issue: 
+qemu-system-i386 -m 700 -hda <Windows XP HD image file> -smp 2
+
+Last commit tested with this problem: 1214d55d1c41fbab3a9973a05085b8760647e411
+
+I restarted QEMU without the '-smp 2' option and Windows XP started working again. The only problem is the host CPU usage will stay at 100% even with the guest CPU load being close to 0%. The only way to fix this problem that I know currently is to reinstall Windows XP. 
+
+To fix this problem open Windows XP's System Restore and restore from a point before using the smp option.
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
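Review bot: the score block for this file is nearly flat, with all fourteen labels between 0.501 (boot) and 0.861 (other), so the placement under other/ rests on a 0.053 margin over graphic (0.808) for a report whose symptom is a black screen. Suggest recording the decision rule (threshold or minimum margin) alongside the results, or flagging low-margin files like this one for manual review.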
diff --git a/results/classifier/108/other/1914638 b/results/classifier/108/other/1914638
new file mode 100644
index 000000000..7f7e91655
--- /dev/null
+++ b/results/classifier/108/other/1914638
@@ -0,0 +1,601 @@
+other: 0.889
+vnc: 0.852
+KVM: 0.820
+permissions: 0.816
+device: 0.799
+PID: 0.793
+debug: 0.789
+semantic: 0.779
+performance: 0.773
+socket: 0.767
+files: 0.760
+boot: 0.757
+graphic: 0.746
+network: 0.712
+
+[OSS-Fuzz] Issue 30219: Global-buffer-overflow in mode_sense_page
+
+== Reproducer (build with --enable-sanitizers) ==
+
+cat << EOF | ./qemu-system-i386 -machine q35 -nodefaults \
+-device megasas -device scsi-cd,drive=null0 \
+-blockdev driver=null-co,read-zeroes=on,node-name=null0 \
+-nographic -qtest stdio
+outl 0xcf8 0x80000818
+outl 0xcfc 0xc000
+outl 0xcf8 0x80000804
+outw 0xcfc 0x7
+write 0x0 0x1 0x03
+write 0x7 0x1 0x3f
+write 0x10 0x1 0x03
+write 0x20 0x1 0x55
+write 0x21 0x1 0x10
+write 0x28 0x1 0x10
+write 0x30 0x1 0xff
+write 0x31 0x1 0xff
+write 0x32 0x1 0xff
+write 0x33 0x1 0xff
+write 0x34 0x1 0xff
+write 0x35 0x1 0xff
+write 0x36 0x1 0xff
+write 0x37 0x1 0xff
+write 0x3b 0x1 0x10
+write 0x43 0x1 0x10
+write 0x44 0x1 0x10
+write 0x4f 0x1 0x10
+write 0x53 0x1 0x10
+write 0x5b 0x1 0x10
+write 0x5f 0x1 0x10
+write 0x67 0x1 0x10
+write 0x6b 0x1 0x10
+write 0x73 0x1 0x10
+write 0x75 0x1 0x10
+write 0x7d 0x1 0x10
+write 0x83 0x1 0x10
+write 0x8b 0x1 0x10
+write 0x8f 0x1 0x10
+write 0x97 0x1 0x10
+write 0x9b 0x1 0x10
+write 0xa3 0x1 0x03
+write 0xa6 0x1 0x10
+write 0xae 0x1 0x10
+write 0xb3 0x1 0x10
+write 0xbb 0x1 0x10
+write 0xbf 0x1 0x10
+write 0xc7 0x1 0x10
+write 0xca 0x1 0x10
+write 0xd3 0x1 0x06
+write 0xd7 0x1 0x10
+write 0xdf 0x1 0x10
+write 0xe3 0x1 0x06
+write 0xeb 0x1 0x01
+write 0xef 0x1 0x10
+write 0xf7 0x1 0x10
+write 0xfb 0x1 0x10
+write 0x103 0x1 0x20
+write 0x107 0x1 0x10
+write 0x10f 0x1 0x10
+write 0x113 0x1 0x10
+write 0x11b 0x1 0x10
+write 0x11f 0x1 0x10
+write 0x127 0x1 0x10
+write 0x12b 0x1 0x10
+write 0x130 0x1 0x10
+write 0x137 0x1 0x10
+write 0x13f 0x1 0x40
+write 0x141 0x1 0x10
+write 0x14b 0x1 0x10
+write 0x14f 0x1 0x10
+write 0x157 0x1 0x10
+write 0x15b 0x1 0x10
+write 0x161 0x1 0x10
+write 0x167 0x1 0x03
+write 0x16f 0x1 0x06
+write 0x172 0x1 0x10
+write 0x17b 0x1 0x10
+write 0x17f 0x1 0x10
+write 0x187 0x1 0x10
+write 0x18b 0x1 0x10
+write 0x192 0x1 0x10
+write 0x197 0x1 0x06
+write 0x19f 0x1 0x20
+write 0x1a3 0x1 0x10
+write 0x1ab 0x1 0x40
+write 0x1af 0x1 0x01
+write 0x1b7 0x1 0x10
+write 0x1bb 0x1 0x20
+write 0x1c3 0x1 0x10
+write 0x1c7 0x1 0x20
+write 0x1cc 0x1 0x10
+write 0x1d3 0x1 0x10
+write 0x1db 0x1 0x10
+write 0x1df 0x1 0x10
+write 0x1e7 0x1 0x10
+write 0x1eb 0x1 0x10
+write 0x1f3 0x1 0x10
+write 0x1f4 0x1 0x10
+write 0x1fd 0x1 0x10
+write 0x203 0x1 0x40
+write 0x20b 0x1 0x10
+write 0x20f 0x1 0x10
+write 0x217 0x1 0x10
+write 0x21b 0x1 0x10
+write 0x223 0x1 0x10
+write 0x225 0x1 0x10
+write 0x22e 0x1 0x10
+write 0x233 0x1 0x06
+write 0x23b 0x1 0x10
+write 0x23f 0x1 0x10
+write 0x247 0x1 0x10
+write 0x24b 0x1 0x10
+write 0x252 0x1 0x10
+write 0x256 0x1 0x10
+write 0x25f 0x1 0x10
+write 0x263 0x1 0x20
+write 0x26b 0x1 0x06
+write 0x26f 0x1 0x40
+write 0x277 0x1 0x10
+write 0x27b 0x1 0x10
+write 0x283 0x1 0x10
+write 0x287 0x1 0x10
+write 0x28f 0x1 0x10
+write 0x290 0x1 0x10
+write 0x29b 0x1 0x10
+write 0x29f 0x1 0x10
+write 0x2a7 0x1 0x10
+write 0x2ab 0x1 0x10
+write 0x2b3 0x1 0x10
+write 0x2b7 0x1 0x10
+write 0x2bf 0x1 0x10
+write 0x2c1 0x1 0x10
+write 0x2c9 0x1 0x10
+write 0x2cf 0x1 0x10
+write 0x2d7 0x1 0x10
+write 0x2db 0x1 0x10
+write 0x2e3 0x1 0x10
+write 0x2e7 0x1 0x10
+write 0x2ef 0x1 0x03
+write 0x2f2 0x1 0x10
+write 0x2fa 0x1 0x10
+write 0x2ff 0x1 0x10
+write 0x307 0x1 0x10
+write 0x30b 0x1 0x10
+write 0x313 0x1 0x10
+write 0x316 0x1 0x10
+write 0x31f 0x1 0x06
+write 0x323 0x1 0x10
+outb 0xc040 0x0
+EOF
+
+=== Stack Trace ===
+==1025760==ERROR: AddressSanitizer: global-buffer-overflow on address 0x558f557253fc at pc 0x558f549ab376 bp
+0x7ffd436e9770 sp 0x7ffd436e9768
+READ of size 4 at 0x558f557253fc thread T0
+SCARINESS: 17 (4-byte-read-global-buffer-overflow)
+#0 0x558f549ab375 in mode_sense_page /src/qemu/hw/scsi/scsi-disk.c:1104:10
+#1 0x558f549afd86 in scsi_disk_check_mode_select /src/qemu/hw/scsi/scsi-disk.c:1447:11
+#2 0x558f549af9a6 in mode_select_pages /src/qemu/hw/scsi/scsi-disk.c:1515:17
+#3 0x558f549ae593 in scsi_disk_emulate_mode_select /src/qemu/hw/scsi/scsi-disk.c:1570:13
+#4 0x558f549a56e9 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1861:9
+#5 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+#6 0x558f548b9fc4 in scsi_req_data /src/qemu/hw/scsi/scsi-bus.c:1427:5
+#7 0x558f549a5554 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1853:9
+#8 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+#9 0x558f54ac7cf6 in megasas_enqueue_req /src/qemu/hw/scsi/megasas.c:1660:9
+#10 0x558f54ab6e09 in megasas_handle_scsi /src/qemu/hw/scsi/megasas.c:1735:5
+#11 0x558f54ab3083 in megasas_handle_frame /src/qemu/hw/scsi/megasas.c:1974:24
+#12 0x558f54ab1c8b in megasas_mmio_write /src/qemu/hw/scsi/megasas.c:2131:9
+#13 0x558f54acc784 in megasas_port_write /src/qemu/hw/scsi/megasas.c:2182:5
+#14 0x558f54f78d57 in memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+#15 0x558f54f78be2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+#16 0x558f54f78441 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+#17 0x558f550d5627 in flatview_write_continue /src/qemu/softmmu/physmem.c:2763:23
+#18 0x558f550d02ac in flatview_write /src/qemu/softmmu/physmem.c:2803:14
+#19 0x558f550d00c7 in address_space_write /src/qemu/softmmu/physmem.c:2895:18
+#20 0x558f5506c4ff in cpu_outb /src/qemu/softmmu/ioport.c:60:5
+
++CC Paolo and Fam
+
+scsi-disk.c:1092     static const int mode_sense_valid[0x3f] =
+...
+scsi-disk.c:1488          page = p[0] & 0x3f;
+
+OSS-Fuzz found this same crash for virtio-scsi, however, since the
+reproducer involved a double-fetch, I don't have a simple QTest
+reproducer
+
+On 210204 1728, Alexander Bulekov wrote:
+> Public bug reported:
+> 
+> == Reproducer (build with --enable-sanitizers) ==
+> 
+> cat << EOF | ./qemu-system-i386 -machine q35 -nodefaults \
+> -device megasas -device scsi-cd,drive=null0 \
+> -blockdev driver=null-co,read-zeroes=on,node-name=null0 \
+> -nographic -qtest stdio
+> outl 0xcf8 0x80000818
+> outl 0xcfc 0xc000
+> outl 0xcf8 0x80000804
+> outw 0xcfc 0x7
+> write 0x0 0x1 0x03
+> write 0x7 0x1 0x3f
+> write 0x10 0x1 0x03
+> write 0x20 0x1 0x55
+> write 0x21 0x1 0x10
+> write 0x28 0x1 0x10
+> write 0x30 0x1 0xff
+> write 0x31 0x1 0xff
+> write 0x32 0x1 0xff
+> write 0x33 0x1 0xff
+> write 0x34 0x1 0xff
+> write 0x35 0x1 0xff
+> write 0x36 0x1 0xff
+> write 0x37 0x1 0xff
+> write 0x3b 0x1 0x10
+> write 0x43 0x1 0x10
+> write 0x44 0x1 0x10
+> write 0x4f 0x1 0x10
+> write 0x53 0x1 0x10
+> write 0x5b 0x1 0x10
+> write 0x5f 0x1 0x10
+> write 0x67 0x1 0x10
+> write 0x6b 0x1 0x10
+> write 0x73 0x1 0x10
+> write 0x75 0x1 0x10
+> write 0x7d 0x1 0x10
+> write 0x83 0x1 0x10
+> write 0x8b 0x1 0x10
+> write 0x8f 0x1 0x10
+> write 0x97 0x1 0x10
+> write 0x9b 0x1 0x10
+> write 0xa3 0x1 0x03
+> write 0xa6 0x1 0x10
+> write 0xae 0x1 0x10
+> write 0xb3 0x1 0x10
+> write 0xbb 0x1 0x10
+> write 0xbf 0x1 0x10
+> write 0xc7 0x1 0x10
+> write 0xca 0x1 0x10
+> write 0xd3 0x1 0x06
+> write 0xd7 0x1 0x10
+> write 0xdf 0x1 0x10
+> write 0xe3 0x1 0x06
+> write 0xeb 0x1 0x01
+> write 0xef 0x1 0x10
+> write 0xf7 0x1 0x10
+> write 0xfb 0x1 0x10
+> write 0x103 0x1 0x20
+> write 0x107 0x1 0x10
+> write 0x10f 0x1 0x10
+> write 0x113 0x1 0x10
+> write 0x11b 0x1 0x10
+> write 0x11f 0x1 0x10
+> write 0x127 0x1 0x10
+> write 0x12b 0x1 0x10
+> write 0x130 0x1 0x10
+> write 0x137 0x1 0x10
+> write 0x13f 0x1 0x40
+> write 0x141 0x1 0x10
+> write 0x14b 0x1 0x10
+> write 0x14f 0x1 0x10
+> write 0x157 0x1 0x10
+> write 0x15b 0x1 0x10
+> write 0x161 0x1 0x10
+> write 0x167 0x1 0x03
+> write 0x16f 0x1 0x06
+> write 0x172 0x1 0x10
+> write 0x17b 0x1 0x10
+> write 0x17f 0x1 0x10
+> write 0x187 0x1 0x10
+> write 0x18b 0x1 0x10
+> write 0x192 0x1 0x10
+> write 0x197 0x1 0x06
+> write 0x19f 0x1 0x20
+> write 0x1a3 0x1 0x10
+> write 0x1ab 0x1 0x40
+> write 0x1af 0x1 0x01
+> write 0x1b7 0x1 0x10
+> write 0x1bb 0x1 0x20
+> write 0x1c3 0x1 0x10
+> write 0x1c7 0x1 0x20
+> write 0x1cc 0x1 0x10
+> write 0x1d3 0x1 0x10
+> write 0x1db 0x1 0x10
+> write 0x1df 0x1 0x10
+> write 0x1e7 0x1 0x10
+> write 0x1eb 0x1 0x10
+> write 0x1f3 0x1 0x10
+> write 0x1f4 0x1 0x10
+> write 0x1fd 0x1 0x10
+> write 0x203 0x1 0x40
+> write 0x20b 0x1 0x10
+> write 0x20f 0x1 0x10
+> write 0x217 0x1 0x10
+> write 0x21b 0x1 0x10
+> write 0x223 0x1 0x10
+> write 0x225 0x1 0x10
+> write 0x22e 0x1 0x10
+> write 0x233 0x1 0x06
+> write 0x23b 0x1 0x10
+> write 0x23f 0x1 0x10
+> write 0x247 0x1 0x10
+> write 0x24b 0x1 0x10
+> write 0x252 0x1 0x10
+> write 0x256 0x1 0x10
+> write 0x25f 0x1 0x10
+> write 0x263 0x1 0x20
+> write 0x26b 0x1 0x06
+> write 0x26f 0x1 0x40
+> write 0x277 0x1 0x10
+> write 0x27b 0x1 0x10
+> write 0x283 0x1 0x10
+> write 0x287 0x1 0x10
+> write 0x28f 0x1 0x10
+> write 0x290 0x1 0x10
+> write 0x29b 0x1 0x10
+> write 0x29f 0x1 0x10
+> write 0x2a7 0x1 0x10
+> write 0x2ab 0x1 0x10
+> write 0x2b3 0x1 0x10
+> write 0x2b7 0x1 0x10
+> write 0x2bf 0x1 0x10
+> write 0x2c1 0x1 0x10
+> write 0x2c9 0x1 0x10
+> write 0x2cf 0x1 0x10
+> write 0x2d7 0x1 0x10
+> write 0x2db 0x1 0x10
+> write 0x2e3 0x1 0x10
+> write 0x2e7 0x1 0x10
+> write 0x2ef 0x1 0x03
+> write 0x2f2 0x1 0x10
+> write 0x2fa 0x1 0x10
+> write 0x2ff 0x1 0x10
+> write 0x307 0x1 0x10
+> write 0x30b 0x1 0x10
+> write 0x313 0x1 0x10
+> write 0x316 0x1 0x10
+> write 0x31f 0x1 0x06
+> write 0x323 0x1 0x10
+> outb 0xc040 0x0
+> EOF
+> 
+> === Stack Trace ===
+> ==1025760==ERROR: AddressSanitizer: global-buffer-overflow on address 0x558f557253fc at pc 0x558f549ab376 bp
+> 0x7ffd436e9770 sp 0x7ffd436e9768
+> READ of size 4 at 0x558f557253fc thread T0
+> SCARINESS: 17 (4-byte-read-global-buffer-overflow)
+> #0 0x558f549ab375 in mode_sense_page /src/qemu/hw/scsi/scsi-disk.c:1104:10
+> #1 0x558f549afd86 in scsi_disk_check_mode_select /src/qemu/hw/scsi/scsi-disk.c:1447:11
+> #2 0x558f549af9a6 in mode_select_pages /src/qemu/hw/scsi/scsi-disk.c:1515:17
+> #3 0x558f549ae593 in scsi_disk_emulate_mode_select /src/qemu/hw/scsi/scsi-disk.c:1570:13
+> #4 0x558f549a56e9 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1861:9
+> #5 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+> #6 0x558f548b9fc4 in scsi_req_data /src/qemu/hw/scsi/scsi-bus.c:1427:5
+> #7 0x558f549a5554 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1853:9
+> #8 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+> #9 0x558f54ac7cf6 in megasas_enqueue_req /src/qemu/hw/scsi/megasas.c:1660:9
+> #10 0x558f54ab6e09 in megasas_handle_scsi /src/qemu/hw/scsi/megasas.c:1735:5
+> #11 0x558f54ab3083 in megasas_handle_frame /src/qemu/hw/scsi/megasas.c:1974:24
+> #12 0x558f54ab1c8b in megasas_mmio_write /src/qemu/hw/scsi/megasas.c:2131:9
+> #13 0x558f54acc784 in megasas_port_write /src/qemu/hw/scsi/megasas.c:2182:5
+> #14 0x558f54f78d57 in memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+> #15 0x558f54f78be2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+> #16 0x558f54f78441 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+> #17 0x558f550d5627 in flatview_write_continue /src/qemu/softmmu/physmem.c:2763:23
+> #18 0x558f550d02ac in flatview_write /src/qemu/softmmu/physmem.c:2803:14
+> #19 0x558f550d00c7 in address_space_write /src/qemu/softmmu/physmem.c:2895:18
+> #20 0x558f5506c4ff in cpu_outb /src/qemu/softmmu/ioport.c:60:5
+> 
+> ** Affects: qemu
+>      Importance: Undecided
+>          Status: New
+> 
+> -- 
+> You received this bug notification because you are a member of qemu-
+> devel-ml, which is subscribed to QEMU.
+> https://bugs.launchpad.net/bugs/1914638
+> 
+> Title:
+>   [OSS-Fuzz] Issue 30219: Global-buffer-overflow in mode_sense_page
+> 
+> Status in QEMU:
+>   New
+> 
+> Bug description:
+>   == Reproducer (build with --enable-sanitizers) ==
+> 
+>   cat << EOF | ./qemu-system-i386 -machine q35 -nodefaults \
+>   -device megasas -device scsi-cd,drive=null0 \
+>   -blockdev driver=null-co,read-zeroes=on,node-name=null0 \
+>   -nographic -qtest stdio
+>   outl 0xcf8 0x80000818
+>   outl 0xcfc 0xc000
+>   outl 0xcf8 0x80000804
+>   outw 0xcfc 0x7
+>   write 0x0 0x1 0x03
+>   write 0x7 0x1 0x3f
+>   write 0x10 0x1 0x03
+>   write 0x20 0x1 0x55
+>   write 0x21 0x1 0x10
+>   write 0x28 0x1 0x10
+>   write 0x30 0x1 0xff
+>   write 0x31 0x1 0xff
+>   write 0x32 0x1 0xff
+>   write 0x33 0x1 0xff
+>   write 0x34 0x1 0xff
+>   write 0x35 0x1 0xff
+>   write 0x36 0x1 0xff
+>   write 0x37 0x1 0xff
+>   write 0x3b 0x1 0x10
+>   write 0x43 0x1 0x10
+>   write 0x44 0x1 0x10
+>   write 0x4f 0x1 0x10
+>   write 0x53 0x1 0x10
+>   write 0x5b 0x1 0x10
+>   write 0x5f 0x1 0x10
+>   write 0x67 0x1 0x10
+>   write 0x6b 0x1 0x10
+>   write 0x73 0x1 0x10
+>   write 0x75 0x1 0x10
+>   write 0x7d 0x1 0x10
+>   write 0x83 0x1 0x10
+>   write 0x8b 0x1 0x10
+>   write 0x8f 0x1 0x10
+>   write 0x97 0x1 0x10
+>   write 0x9b 0x1 0x10
+>   write 0xa3 0x1 0x03
+>   write 0xa6 0x1 0x10
+>   write 0xae 0x1 0x10
+>   write 0xb3 0x1 0x10
+>   write 0xbb 0x1 0x10
+>   write 0xbf 0x1 0x10
+>   write 0xc7 0x1 0x10
+>   write 0xca 0x1 0x10
+>   write 0xd3 0x1 0x06
+>   write 0xd7 0x1 0x10
+>   write 0xdf 0x1 0x10
+>   write 0xe3 0x1 0x06
+>   write 0xeb 0x1 0x01
+>   write 0xef 0x1 0x10
+>   write 0xf7 0x1 0x10
+>   write 0xfb 0x1 0x10
+>   write 0x103 0x1 0x20
+>   write 0x107 0x1 0x10
+>   write 0x10f 0x1 0x10
+>   write 0x113 0x1 0x10
+>   write 0x11b 0x1 0x10
+>   write 0x11f 0x1 0x10
+>   write 0x127 0x1 0x10
+>   write 0x12b 0x1 0x10
+>   write 0x130 0x1 0x10
+>   write 0x137 0x1 0x10
+>   write 0x13f 0x1 0x40
+>   write 0x141 0x1 0x10
+>   write 0x14b 0x1 0x10
+>   write 0x14f 0x1 0x10
+>   write 0x157 0x1 0x10
+>   write 0x15b 0x1 0x10
+>   write 0x161 0x1 0x10
+>   write 0x167 0x1 0x03
+>   write 0x16f 0x1 0x06
+>   write 0x172 0x1 0x10
+>   write 0x17b 0x1 0x10
+>   write 0x17f 0x1 0x10
+>   write 0x187 0x1 0x10
+>   write 0x18b 0x1 0x10
+>   write 0x192 0x1 0x10
+>   write 0x197 0x1 0x06
+>   write 0x19f 0x1 0x20
+>   write 0x1a3 0x1 0x10
+>   write 0x1ab 0x1 0x40
+>   write 0x1af 0x1 0x01
+>   write 0x1b7 0x1 0x10
+>   write 0x1bb 0x1 0x20
+>   write 0x1c3 0x1 0x10
+>   write 0x1c7 0x1 0x20
+>   write 0x1cc 0x1 0x10
+>   write 0x1d3 0x1 0x10
+>   write 0x1db 0x1 0x10
+>   write 0x1df 0x1 0x10
+>   write 0x1e7 0x1 0x10
+>   write 0x1eb 0x1 0x10
+>   write 0x1f3 0x1 0x10
+>   write 0x1f4 0x1 0x10
+>   write 0x1fd 0x1 0x10
+>   write 0x203 0x1 0x40
+>   write 0x20b 0x1 0x10
+>   write 0x20f 0x1 0x10
+>   write 0x217 0x1 0x10
+>   write 0x21b 0x1 0x10
+>   write 0x223 0x1 0x10
+>   write 0x225 0x1 0x10
+>   write 0x22e 0x1 0x10
+>   write 0x233 0x1 0x06
+>   write 0x23b 0x1 0x10
+>   write 0x23f 0x1 0x10
+>   write 0x247 0x1 0x10
+>   write 0x24b 0x1 0x10
+>   write 0x252 0x1 0x10
+>   write 0x256 0x1 0x10
+>   write 0x25f 0x1 0x10
+>   write 0x263 0x1 0x20
+>   write 0x26b 0x1 0x06
+>   write 0x26f 0x1 0x40
+>   write 0x277 0x1 0x10
+>   write 0x27b 0x1 0x10
+>   write 0x283 0x1 0x10
+>   write 0x287 0x1 0x10
+>   write 0x28f 0x1 0x10
+>   write 0x290 0x1 0x10
+>   write 0x29b 0x1 0x10
+>   write 0x29f 0x1 0x10
+>   write 0x2a7 0x1 0x10
+>   write 0x2ab 0x1 0x10
+>   write 0x2b3 0x1 0x10
+>   write 0x2b7 0x1 0x10
+>   write 0x2bf 0x1 0x10
+>   write 0x2c1 0x1 0x10
+>   write 0x2c9 0x1 0x10
+>   write 0x2cf 0x1 0x10
+>   write 0x2d7 0x1 0x10
+>   write 0x2db 0x1 0x10
+>   write 0x2e3 0x1 0x10
+>   write 0x2e7 0x1 0x10
+>   write 0x2ef 0x1 0x03
+>   write 0x2f2 0x1 0x10
+>   write 0x2fa 0x1 0x10
+>   write 0x2ff 0x1 0x10
+>   write 0x307 0x1 0x10
+>   write 0x30b 0x1 0x10
+>   write 0x313 0x1 0x10
+>   write 0x316 0x1 0x10
+>   write 0x31f 0x1 0x06
+>   write 0x323 0x1 0x10
+>   outb 0xc040 0x0
+>   EOF
+> 
+>   === Stack Trace ===
+>   ==1025760==ERROR: AddressSanitizer: global-buffer-overflow on address 0x558f557253fc at pc 0x558f549ab376 bp
+>   0x7ffd436e9770 sp 0x7ffd436e9768
+>   READ of size 4 at 0x558f557253fc thread T0
+>   SCARINESS: 17 (4-byte-read-global-buffer-overflow)
+>   #0 0x558f549ab375 in mode_sense_page /src/qemu/hw/scsi/scsi-disk.c:1104:10
+>   #1 0x558f549afd86 in scsi_disk_check_mode_select /src/qemu/hw/scsi/scsi-disk.c:1447:11
+>   #2 0x558f549af9a6 in mode_select_pages /src/qemu/hw/scsi/scsi-disk.c:1515:17
+>   #3 0x558f549ae593 in scsi_disk_emulate_mode_select /src/qemu/hw/scsi/scsi-disk.c:1570:13
+>   #4 0x558f549a56e9 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1861:9
+>   #5 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+>   #6 0x558f548b9fc4 in scsi_req_data /src/qemu/hw/scsi/scsi-bus.c:1427:5
+>   #7 0x558f549a5554 in scsi_disk_emulate_write_data /src/qemu/hw/scsi/scsi-disk.c:1853:9
+>   #8 0x558f548b9b49 in scsi_req_continue /src/qemu/hw/scsi/scsi-bus.c:0
+>   #9 0x558f54ac7cf6 in megasas_enqueue_req /src/qemu/hw/scsi/megasas.c:1660:9
+>   #10 0x558f54ab6e09 in megasas_handle_scsi /src/qemu/hw/scsi/megasas.c:1735:5
+>   #11 0x558f54ab3083 in megasas_handle_frame /src/qemu/hw/scsi/megasas.c:1974:24
+>   #12 0x558f54ab1c8b in megasas_mmio_write /src/qemu/hw/scsi/megasas.c:2131:9
+>   #13 0x558f54acc784 in megasas_port_write /src/qemu/hw/scsi/megasas.c:2182:5
+>   #14 0x558f54f78d57 in memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+>   #15 0x558f54f78be2 in access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+>   #16 0x558f54f78441 in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+>   #17 0x558f550d5627 in flatview_write_continue /src/qemu/softmmu/physmem.c:2763:23
+>   #18 0x558f550d02ac in flatview_write /src/qemu/softmmu/physmem.c:2803:14
+>   #19 0x558f550d00c7 in address_space_write /src/qemu/softmmu/physmem.c:2895:18
+>   #20 0x558f5506c4ff in cpu_outb /src/qemu/softmmu/ioport.c:60:5
+> 
+> To manage notifications about this bug go to:
+> https://bugs.launchpad.net/qemu/+bug/1914638/+subscriptions
+> 
+
+
+Proposed fix:
+https://<email address hidden>/msg779652.html
+
+What happened to your patch, Philippe? Did it get stalled?
+
+I moved this report over to QEMU's new bug tracker on gitlab.com.
+Please continue with the discussion here:
+
+https://gitlab.com/qemu-project/qemu/-/issues/546
+
+Thanks for moving it over! ... let's close this one here on Launchpad now.
+
+
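Review bot: the qtest reproducer and the AddressSanitizer trace are stored twice in this file, once in the quoted mail body (ending at `+> EOF` and `+> #20 ... cpu_outb`) and again under `+> Bug description:`, all inside a `>`-quoted Launchpad notification that also carries the subscription footer. Keep one copy of the reproducer and trace and drop the notification wrapper so the stored text is the report itself. The `Proposed fix:` reference is also unusable as stored: `https://<email address hidden>/msg779652.html` has lost its host part to the address scrubber, so record the patch subject or a commit id instead.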
diff --git a/results/classifier/108/other/1914667 b/results/classifier/108/other/1914667
new file mode 100644
index 000000000..4c1a9de2f
--- /dev/null
+++ b/results/classifier/108/other/1914667
@@ -0,0 +1,88 @@
+device: 0.752
+graphic: 0.727
+PID: 0.711
+permissions: 0.702
+other: 0.681
+network: 0.671
+socket: 0.630
+semantic: 0.625
+files: 0.625
+performance: 0.601
+debug: 0.579
+vnc: 0.577
+boot: 0.521
+KVM: 0.506
+
+High cpu usage when guest is idle on qemu-system-i386
+
+When running Windows XP in qemu-system-i386, the cpu usage of QEMU is about 100% even when the guest CPU usage is close to 2%. The host cpu usage should be low when the guest cpu usage is low.
+
+Command: qemu-system-i386 -hda <Windows XP HD image>
+
+Using this command also shows around 100% host CPU usage:
+qemu-system-i386 -m 700 -hda <Windows XP HD image> -usb -device usb-audio -net nic,model=rtl8139 -net user -hdb mountable.img -soundhw pcspk
+
+Using the Penryn CPU option also saw this problem:
+qemu-system-i386 -hda <Windows XP HD image> -m 700 -cpu Penryn-v1
+
+Using "-cpu pentium2" saw the same high host cpu usage.
+
+
+My Info:
+M1 MacBook Air
+Mac OS 11.1
+qemu-system-i386 version 5.2 (1ba089f2255bfdb071be3ce6ac6c3069e8012179)
+Windows XP SP3 Build 2600
+
+
+
+Just to compare notes I ran my same Windows XP image on an older version of QEMU. This is version 2.10.1. It was built for the x86_64 architecture. The host CPU architecture is aarm64. The host CPU usage was actually very low when the guest CPU usage was low. The guest was using about 8% and the host usage was around 14%.
+
+For version 5.2 of qemu-system-i386 the instruction the guest is busy executing over and over again is this: addb %al, (%eax)
+
+For version 2.10.1 this is the instruction that is being executed when the guest is idle:
+add %al,(%eax)
+
+
+After updating QEMU to 1214d55d1c41fbab3a9973a05085b8760647e411, I reinstalled Windows XP and the host CPU usage at idle was normal. My guess is that I picked a bad commit to reinstall Windows XP.
+
+I tried using "-smp 4". Windows XP started up to a black screen. When I restarted the problem with high CPU usage at idle was back. I did not use the "-smp 4" option after restarting.
+
+When I first specified the '-smp 4' option I saw Windows install something then have the computer restarted.
+
+
+
+I found a way to fix the high host cpu usage issue. To fix this issue click on Start->All Programs->Accessories->System Tools->System Restore. Then pick a restore point that is set before you tried the smp option. After the VM restarts the high CPU usage issue will be gone :)
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
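Review bot: the block from `+The QEMU project is currently moving its bug tracking to another system.` through `+Thank you and sorry for the inconvenience.` is the tracker's standard migration notice, not part of the report, and the same text is added again in 1914870 and 1914986. Strip it, together with the `[Expired for QEMU ...]` status line, before the file is stored, so that unrelated reports do not share a block of identical text. The commit message should also say how the `other/` directory is chosen, since here `device: 0.752` is listed above `other: 0.681`.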
diff --git a/results/classifier/108/other/1914696 b/results/classifier/108/other/1914696
new file mode 100644
index 000000000..413c2e7da
--- /dev/null
+++ b/results/classifier/108/other/1914696
@@ -0,0 +1,139 @@
+KVM: 0.657
+vnc: 0.617
+other: 0.594
+debug: 0.520
+graphic: 0.511
+performance: 0.502
+permissions: 0.496
+device: 0.478
+files: 0.474
+PID: 0.468
+semantic: 0.454
+boot: 0.437
+socket: 0.432
+network: 0.416
+
+aarch64: migration failed: Segmentation fault (core dumped)
+
+reproduce:
+
+arch: aarch64
+source qemu: v4.2.0
+destination qemu: 1ed9228f63ea4bcc0ae240365305ee264e9189ce
+
+cmdline:
+source: 
+$ ./aarch64-softmmu/qemu-system-aarch64     -name 'avocado-vt-vm1'    -machine virt-4.2,gic-version=host,graphics=on     -nodefaults     -m 1024      -smp 2      -cpu 'host'     -vnc :10      -enable-kvm     -monitor stdio
+(qemu) 
+(qemu) migrate -d tcp:10.19.241.167:888
+(qemu) info status
+VM status: paused (postmigrate)
+
+destination: 
+./build/aarch64-softmmu/qemu-system-aarch64 -name 'avocado-vt-vm1'  -machine virt-4.2,gic-version=host,graphics=on     -nodefaults     -m 1024      -smp 2      -cpu 'host'     -vnc :10      -enable-kvm     -monitor stdio -incoming tcp:0:888
+QEMU 5.2.50 monitor - type 'help' for more information
+(qemu) Segmentation fault (core dumped)
+
+
+i have bisected and confirmed that the first bad commit is: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
+
+bisect log:
+git bisect log
+# bad: [1ed9228f63ea4bcc0ae240365305ee264e9189ce] Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2021-02-02-v2' into staging
+git bisect bad 1ed9228f63ea4bcc0ae240365305ee264e9189ce
+# good: [b0ca999a43a22b38158a222233d3f5881648bb4f] Update version for v4.2.0 release
+git bisect good b0ca999a43a22b38158a222233d3f5881648bb4f
+# bad: [59093cc407cb044c72aa786006a07bd404eb36b9] hw/char: Convert the Ibex UART to use the registerfields API
+git bisect bad 59093cc407cb044c72aa786006a07bd404eb36b9
+# bad: [4dabf39592e92d692c6f2a1633571114ae25d843] aspeed/smc: Fix DMA support for AST2600
+git bisect bad 4dabf39592e92d692c6f2a1633571114ae25d843
+# good: [93c86fff53a267f657e79ec07dcd04b63882e330] Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200207' into staging
+git bisect good 93c86fff53a267f657e79ec07dcd04b63882e330
+# bad: [2ac031d171ccd18c973014d9978b4a63f0ad5fb0] Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-5.0-sf3' into staging
+git bisect bad 2ac031d171ccd18c973014d9978b4a63f0ad5fb0
+# good: [4036b7d1cd9fb1097a5f4bc24d7d31744256260f] target/arm: Use isar_feature function for testing AA32HPD feature
+git bisect good 4036b7d1cd9fb1097a5f4bc24d7d31744256260f
+# good: [002375895c10df40615fc615e2639f49e0c442fe] tests/iotests: be a little more forgiving on the size test
+git bisect good 002375895c10df40615fc615e2639f49e0c442fe
+# good: [c695724868ce4049fd79c5a509880dbdf171e744] target/riscv: Emulate TIME CSRs for privileged mode
+git bisect good c695724868ce4049fd79c5a509880dbdf171e744
+# good: [f67957e17cbf8fc3cc5d1146a2db2023404578b0] target/arm: Add isar_feature_aa32_{fpsp_v2, fpsp_v3, fpdp_v3}
+git bisect good f67957e17cbf8fc3cc5d1146a2db2023404578b0
+# bad: [a1229109dec4375259d3fff99f362405aab7917a] target/arm: Implement v8.4-RCPC
+git bisect bad a1229109dec4375259d3fff99f362405aab7917a
+# bad: [906b60facc3d3dd3af56cb1a7860175d805e10a3] target/arm: Add formats for some vfp 2 and 3-register insns
+git bisect bad 906b60facc3d3dd3af56cb1a7860175d805e10a3
+# good: [c52881bbc22b50db99a6c37171ad3eea7d959ae6] target/arm: Replace ARM_FEATURE_VFP4 with isar_feature_aa32_simdfmac
+git bisect good c52881bbc22b50db99a6c37171ad3eea7d959ae6
+# good: [f0f6d5c81be47d593e5ece7f06df6fba4c15738b] target/arm: Move the vfp decodetree calls next to the base isa
+git bisect good f0f6d5c81be47d593e5ece7f06df6fba4c15738b
+# bad: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
+git bisect bad f9506e162c33e87b609549157dd8431fcc732085
+# good: [bfa8a370d2f5d4ed03f7a7e2987982f15fe73758] linux-user/arm: Replace ARM_FEATURE_VFP* tests for HWCAP
+git bisect good bfa8a370d2f5d4ed03f7a7e2987982f15fe73758
+# first bad commit: [f9506e162c33e87b609549157dd8431fcc732085] target/arm: Remove ARM_FEATURE_VFP*
+
+
+the root cause is that, some feature bit is not consistent any more with below changes in this commit:
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index b29b0eddfc..05aa9711cd 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -1880,7 +1880,6 @@ QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= R_V7M_CSSELR_INDEX_MASK);
+  * mapping in linux-user/elfload.c:get_elf_hwcap().
+  */
+ enum arm_features {
+-    ARM_FEATURE_VFP,
+     ARM_FEATURE_AUXCR,  /* ARM1026 Auxiliary control register.  */
+     ARM_FEATURE_XSCALE, /* Intel XScale extensions.  */
+     ARM_FEATURE_IWMMXT, /* Intel iwMMXt extension.  */
+@@ -1889,7 +1888,6 @@ enum arm_features {
+     ARM_FEATURE_V7,
+     ARM_FEATURE_THUMB2,
+     ARM_FEATURE_PMSA,   /* no MMU; may have Memory Protection Unit */
+-    ARM_FEATURE_VFP3,
+     ARM_FEATURE_NEON,
+     ARM_FEATURE_M, /* Microcontroller profile.  */
+     ARM_FEATURE_OMAPCP, /* OMAP specific CP15 ops handling.  */
+@@ -1900,7 +1898,6 @@ enum arm_features {
+     ARM_FEATURE_V5,
+     ARM_FEATURE_STRONGARM,
+     ARM_FEATURE_VAPA, /* cp15 VA to PA lookups */
+-    ARM_FEATURE_VFP4, /* VFPv4 (implies that NEON is v2) */
+     ARM_FEATURE_GENERIC_TIMER,
+     ARM_FEATURE_MVFR, /* Media and VFP Feature Registers 0 and 1 */
+     ARM_FEATURE_DUMMY_C15_REGS, /* RAZ/WI all of cp15 crn=15 */
+
+paste the call trace
+
+(gdb) bt
+#0  0x0000aaaac036a02c in armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false) at ../hw/intc/armv7m_nvic.c:406
+#1  0x0000aaaac014dcf4 in arm_v7m_mmu_idx_for_secstate_and_priv (env=0xaaaaca23d950, secstate=false, priv=true) at ../target/arm/m_helper.c:2837
+#2  0x0000aaaac014dd8c in arm_v7m_mmu_idx_for_secstate (env=0xaaaaca23d950, secstate=false) at ../target/arm/m_helper.c:2848
+#3  0x0000aaaac018aa6c in arm_mmu_idx_el (env=0xaaaaca23d950, el=1) at ../target/arm/helper.c:12841
+#4  0x0000aaaac018b788 in rebuild_hflags_internal (env=0xaaaaca23d950) at ../target/arm/helper.c:13100
+#5  0x0000aaaac018b80c in arm_rebuild_hflags (env=0xaaaaca23d950) at ../target/arm/helper.c:13113
+#6  0x0000aaaac007f928 in cpu_post_load (opaque=0xaaaaca233b10, version_id=22) at ../target/arm/machine.c:767
+#7  0x0000aaaabfc8f508 in vmstate_load_state (f=0xaaaaca355520, vmsd=0xaaaac0d59ea8 <vmstate_arm_cpu>, opaque=0xaaaaca233b10, version_id=22) at ../migration/vmstate.c:168
+#8  0x0000aaaabfca3404 in vmstate_load (f=0xaaaaca355520, se=0xaaaaca2708b0) at ../migration/savevm.c:885
+#9  0x0000aaaabfca6410 in qemu_loadvm_section_start_full (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2396
+#10 0x0000aaaabfca6a8c in qemu_loadvm_state_main (f=0xaaaaca355520, mis=0xaaaaca204d90) at ../migration/savevm.c:2582
+#11 0x0000aaaabfca6c34 in qemu_loadvm_state (f=0xaaaaca355520) at ../migration/savevm.c:2661
+#12 0x0000aaaabfd95bf0 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:522
+#13 0x0000aaaac06c6248 in coroutine_trampoline (i0=-895198224, i1=43690) at ../util/coroutine-ucontext.c:173
+#14 0x0000ffffa5071f90 in __startcontext () at ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123
+
+
+
+i have no a good idea how to fix it prefectly yet.
+
+This just came up on the list the other day. It should be fixed by this patch:
+https://<email address hidden>/
+
+
+https://<email address hidden>/ works for me.
+
+
+Fix now in master: commit af903caed9fc62cc6
+
+
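Review bot: both links to the fix are lost in this file. `+https://<email address hidden>/` appears twice where the thread pointed at a patch, apparently because part of the URL was treated as an e-mail address, which leaves `commit af903caed9fc62cc6` as the only surviving reference. Exempt URLs from the scrubber, or store the patch subject next to the link. Note also that the report embeds a diff of target/arm/cpu.h, which shows up here as `+diff --git`, `+--- a/...` and `++++ b/...` lines; anything that splits this commit into files should match `diff --git` only at the start of a line.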
diff --git a/results/classifier/108/other/1914870 b/results/classifier/108/other/1914870
new file mode 100644
index 000000000..9176b1259
--- /dev/null
+++ b/results/classifier/108/other/1914870
@@ -0,0 +1,136 @@
+other: 0.968
+debug: 0.944
+semantic: 0.944
+graphic: 0.938
+permissions: 0.929
+performance: 0.914
+device: 0.913
+boot: 0.909
+PID: 0.904
+socket: 0.898
+network: 0.877
+vnc: 0.867
+files: 0.801
+KVM: 0.787
+
+libvixl compilation failure on Debian unstable
+
+As of commit 0e324626306:
+
+$ lsb_release -d
+Description:    Debian GNU/Linux bullseye/sid
+
+Project version: 5.2.50
+C compiler for the host machine: cc (gcc 10.2.1 "cc (Debian 10.2.1-6) 10.2.1 20210110")
+C linker for the host machine: cc ld.bfd 2.35.1
+C++ compiler for the host machine: c++ (gcc 10.2.1 "c++ (Debian 10.2.1-6) 10.2.1 20210110")
+C++ linker for the host machine: c++ ld.bfd 2.35.1
+
+[6/79] Compiling C++ object libcommon.fa.p/disas_libvixl_vixl_utils.cc.o
+FAILED: libcommon.fa.p/disas_libvixl_vixl_utils.cc.o 
+c++ -Ilibcommon.fa.p -I. -I.. -Iqapi -Itrace -Iui/shader -I/usr/include/capstone -I/usr/include/glib-2.0 -I/usr/lib/hppa-linux-gnu/glib-2.0/include -fdiagnostics-color=auto -pipe -Wall -Winvalid-pch -Wnon-virtual-dtor -Werror -std=gnu++11 -O2 -g -isystem /home/philmd/qemu/linux-headers -isystem linux-headers -iquote . -iquote /home/philmd/qemu -iquote /home/philmd/qemu/include -iquote /home/philmd/qemu/disas/libvixl -iquote /home/philmd/qemu/tcg/hppa -iquote /home/philmd/qemu/accel/tcg -pthread -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wundef -Wwrite-strings -fno-strict-aliasing -fno-common -fwrapv -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2 -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi -fPIE -MD -MQ libcommon.fa.p/disas_libvixl_vixl_utils.cc.o -MF libcommon.fa.p/disas_libvixl_vixl_utils.cc.o.d -o libcommon.fa.p/disas_libvixl_vixl_utils.cc.o -c ../disas/libvixl/vixl/utils.cc
+In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30,
+                 from ../disas/libvixl/vixl/utils.cc:27:
+/usr/include/string.h:36:43: error: missing binary operator before token "("
+   36 | #if defined __cplusplus && (__GNUC_PREREQ (4, 4) \
+      |                                           ^
+/usr/include/string.h:53:62: error: missing binary operator before token "("
+   53 | #if defined __USE_MISC || defined __USE_XOPEN || __GLIBC_USE (ISOC2X)
+      |                                                              ^
+/usr/include/string.h:165:21: error: missing binary operator before token "("
+  165 |      || __GLIBC_USE (LIB_EXT2) || __GLIBC_USE (ISOC2X))
+      |                     ^
+/usr/include/string.h:174:43: error: missing binary operator before token "("
+  174 | #if defined __USE_XOPEN2K8 || __GLIBC_USE (LIB_EXT2) || __GLIBC_USE (ISOC2X)
+      |                                           ^
+/usr/include/string.h:492:19: error: missing binary operator before token "("
+  492 | #if __GNUC_PREREQ (3,4)
+      |                   ^
+In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30,
+                 from ../disas/libvixl/vixl/utils.cc:27:
+/usr/include/string.h:28:1: error: ‘__BEGIN_DECLS’ does not name a type
+   28 | __BEGIN_DECLS
+      | ^~~~~~~~~~~~~
+In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30,
+                 from ../disas/libvixl/vixl/utils.cc:27:
+/usr/include/string.h:44:8: error: ‘size_t’ has not been declared
+   44 |        size_t __n) __THROW __nonnull ((1, 2));
+      |        ^~~~~~
+/usr/include/string.h:44:20: error: expected initializer before ‘__THROW’
+   44 |        size_t __n) __THROW __nonnull ((1, 2));
+      |                    ^~~~~~~
+/usr/include/string.h:47:56: error: ‘size_t’ has not been declared
+   47 | extern void *memmove (void *__dest, const void *__src, size_t __n)
+      |                                                        ^~~~~~
+/usr/include/string.h:48:6: error: expected initializer before ‘__THROW’
+   48 |      __THROW __nonnull ((1, 2));
+      |      ^~~~~~~
+/usr/include/string.h:61:42: error: ‘size_t’ has not been declared
+   61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1));
+      |                                          ^~~~~~
+
+Is there a package dependency missing?
+
+I think we had some c++ related fixes merged in the last weeks ... is this still reproducible with the current 6.0-rc5 version of QEMU?
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+Still an issue as of commit 6d34aa9969f.
+
+Looking at commit 875df03b221 logic ("osdep: protect qemu/osdep.h with extern "C"")
+I tried this:
+-- >8 --
+diff --git a/disas/libvixl/vixl/utils.h b/disas/libvixl/vixl/utils.h
+index 5ab134e240..fc28d7456c 100644
+--- a/disas/libvixl/vixl/utils.h
++++ b/disas/libvixl/vixl/utils.h
+@@ -27,8 +27,10 @@
+ #ifndef VIXL_UTILS_H
+ #define VIXL_UTILS_H
+ 
+-#include <string.h>
+ #include <cmath>
++extern "C" {
++#include <string.h>
++}
+ #include "vixl/globals.h"
+ #include "vixl/compiler-intrinsics.h"
+---
+which fixes the problem...
+
+
+
+Suggested patch:
+https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg04637.html
+
+Fix has been committed here:
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2fed21d25b3a9562869
+
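Review bot: the score block at the top of this file does not separate the labels. All fourteen lie between `KVM: 0.787` and `other: 0.968`, with `debug` and `semantic` tied at 0.944, for a report that is a C++ build failure in disas/libvixl. Consider recording a margin or a low-confidence marker for results like this rather than filing it under `other/` without comment. The embedded patch for disas/libvixl/vixl/utils.h is also one context line short: the header `@@ -27,8 +27,10 @@` announces 8 old and 10 new lines, but the body before `+---` has 7 and 9.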
diff --git a/results/classifier/108/other/1914986 b/results/classifier/108/other/1914986
new file mode 100644
index 000000000..25743f2ec
--- /dev/null
+++ b/results/classifier/108/other/1914986
@@ -0,0 +1,103 @@
+semantic: 0.807
+permissions: 0.797
+other: 0.712
+graphic: 0.712
+device: 0.710
+debug: 0.681
+PID: 0.670
+KVM: 0.665
+vnc: 0.615
+socket: 0.592
+network: 0.567
+files: 0.555
+performance: 0.529
+boot: 0.528
+
+KVM internal error. Suberror: 1  -  OVMF / Audio related
+
+This is latest release QEMU-5.2.0 on Arch Linux running kernel 5.10.13, latest OVMF etc.
+
+I'm seeing the following crash when loading an audio driver from the OpenCore[1] project in the UEFI shell:
+
+KVM internal error. Suberror: 1
+emulation failure
+RAX=0000000000000000 RBX=0000000000000000 RCX=0000000000000000 RDX=0000000000000000
+RSI=0000000000000000 RDI=000000007e423628 RBP=000000007fee6a90 RSP=000000007fee6a08
+R8 =0000000000000000 R9 =0000000000000080 R10=0000000000000000 R11=0000000000000000
+R12=000000007eeaf828 R13=0000000000000000 R14=0000000000000000 R15=000000007fee6a67
+RIP=00000000000b0000 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
+ES =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
+CS =0038 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
+SS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
+DS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
+FS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
+GS =0030 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
+LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
+TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
+GDT=     000000007f9ee698 00000047
+IDT=     000000007f27a018 00000fff
+CR0=80010033 CR2=0000000000000000 CR3=000000007fc01000 CR4=00000668
+DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
+DR6=00000000ffff0ff0 DR7=0000000000000400
+EFER=0000000000000d00
+Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <ff> ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+
+
+Here's the QEMU command line I'm using:
+
+qemu-system-x86_64 \
+-machine q35,accel=kvm \
+-cpu host,+topoext,+invtsc \
+-smp 4,sockets=1,cores=2 \
+-m 4096 \
+-drive file=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
+-drive file=OVMF_VARS.fd,if=pflash,format=raw \
+-usb -device usb-tablet -device usb-kbd \
+-drive file=OpenCore-0.6.6.img,format=raw \
+-device ich9-intel-hda,bus=pcie.0,addr=0x1b \
+-device hda-micro,audiodev=hda \
+-audiodev pa,id=hda,server=/run/user/1000/pulse/native
+
+The driver loads fine when using the "no connect" switch. eg:
+
+Shell> load -nc fs0:\efi\oc\drivers\audiodxe.efi
+Shell> Image 'fs0:\EFI\OC\Drivers\AudioDxe.efi' loaded at 7E3C7000 - Success
+
+However, the crash occurs when loading normally.
+
+Any ideas? Thanks.
+
+[1]: https://github.com/acidanthera/OpenCorePkg/releases
+
+The QEMU project is currently moving its bug tracking to another system.
+For this we need to know which bugs are still valid and which could be
+closed already. Thus we are setting the bug state to "Incomplete" now.
+
+If the bug has already been fixed in the latest upstream version of QEMU,
+then please close this ticket as "Fix released".
+
+If it is not fixed yet and you think that this bug report here is still
+valid, then you have two options:
+
+1) If you already have an account on gitlab.com, please open a new ticket
+for this problem in our new tracker here:
+
+    https://gitlab.com/qemu-project/qemu/-/issues
+
+and then close this ticket here on Launchpad (or let it expire auto-
+matically after 60 days). Please mention the URL of this bug ticket on
+Launchpad in the new ticket on GitLab.
+
+2) If you don't have an account on gitlab.com and don't intend to get
+one, but still would like to keep this ticket opened, then please switch
+the state back to "New" or "Confirmed" within the next 60 days (other-
+wise it will get closed as "Expired"). We will then eventually migrate
+the ticket automatically to the new system (but you won't be the reporter
+of the bug in the new system and thus you won't get notified on changes
+anymore).
+
+Thank you and sorry for the inconvenience.
+
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
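Review bot: `KVM: 0.665` is ranked eighth in the score block, below `semantic: 0.807` and `permissions: 0.797`, although the report title is `KVM internal error. Suberror: 1` and the command line uses `-machine q35,accel=kvm`. That looks like a misclassification; add this report as a test case for the KVM label before committing the result under `other/`.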